Welcome back, aspiring cyberwarriors!
Before we can exploit a target, we need to understand its attack surface completely. This means identifying web servers, discovering hidden endpoints, analyzing response headers, and mapping out the entire web infrastructure. Traditional tools like curl and wget are useful, but theyโre slow and cumbersome when youโre dealing with hundreds or thousands of targets. You need something faster and more flexible.
Httpx is a fast and multi-purpose HTTP toolkit developed by ProjectDiscovery that allows running multiple probes using a simple command-line interface. It supports HTTP/1.1, HTTP/2, and can probe for various web technologies, response codes, title extraction, and much more.
In this article, we will explore how to install httpx, how to use it, and how to extract detailed information about a target. We will also cover advanced filtering techniques and discuss how to use this tool effectively. Letโs get rolling!
Httpx is written in Go, so we need to have the Go programming language installed on our system.
To install Go on Kali Linux, use the following command:
kali > sudo apt install golang-go
Once the installation completes, verify it worked by checking the version:
kali > go version
To install httpx, enter the following command:
kali > go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
The โ-vโ flag enables verbose output so you can see whatโs happening during the installation. The โ@latestโ tag ensures youโre getting the most recent stable version of httpx. This command will download the source code, compile it, and install the binary in your Go bin directory.
To make sure httpx is accessible from anywhere in your terminal, you need to add the Go bin directory to your PATH if itโs not already there. Check if itโs in your PATH by typing:
kali > echo $PATH
If you donโt see something like โ/home/kali/go/binโ in the output, youโll need to add it. Open your .bashrc or .zshrc file (depending on which shell you use) and add this line:
export PATH=$PATH:~/go/bin
Then reload your shell configuration:
kali > source ~/.bashrc
Now verify that httpx is installed correctly by checking its version:
kali > httpx -version
Letโs start with some basic httpx usage to understand how the tool works. Httpx is designed to take a list of hosts and probe them to determine if theyโre running web servers and extract information about them.
The simplest way to use httpx is to provide a single target directly on the command line. Letโs probe a single domain:
kali> httpx -u โexample.comโ -probe
This command initiates an HTTP probe on the website. This is useful for quickly checking the availability of the web page.
Now letโs try probing multiple targets at once. Create a file with several domains you want to probe.
Now run httpx against this file:
kali > httpx -l hosts.txt -probe
One of httpxโs most powerful features is its ability to extract detailed information about web servers in a single pass.
Letโs quickly identify what web server is hosting each target:
kali > httpx -l hosts.txt -server
Now letโs extract even more information using multiple flags:
kali> httpx -l hosts.txt -title -tech-detect -status-code -content-length -response-time
This command will extract the page title, detect web technologies, show the HTTP status code, display the content length, and measure the response time.
The โ-tech-detectโ flag is particularly valuable because it uses Wappalyzer fingerprints to identify the technologies running on each web server. This can reveal content management systems, web frameworks, and other technologies that might have known vulnerabilities.
Filters in httpx allow you to exclude unwanted responses based on specific criteria, such as HTTP status codes or text content.
Letโs say you donโt want to see targets that return a 301 status code. For this purpose, the -filter-code or -fc flag exists. To see the results clearly, Iโve added the -status-code or -sc flag as well:
kali > httpx -l hosts.txt -sc -fc 301
Httpx outputs filtered results without status code 301. Besides that, you can filter โdeadโ or default/error responses with -filter-error-page or -fep flag.
kali> httpx -l hosts.txt -sc -fep
This flag enables โfilter response with ML-based error page detectionโ. In other words, when you use -fep, httpx tries to detect and filter out responses that look like generic or error pages.
In addition to filters, httpx has matchers. While filters exclude unwanted responses, matchers include only the responses that meet specific criteria. Think of filters as removing noise, and matchers as focusing on exactly what youโre looking for.
For example, letโs output only responses with 200 status code using the -match-code or -mc flag:
kali> httpx -l hosts.txt -status-code -match-code 200
For more advanced filtering, you can use regex patterns to match specific content in the response (-match-regex or -mr flag):
kali> httpx -l hosts.txt -match-regex โadmin|login|dashboardโ
This will only show targets whose response body contains the words โadmin,โ โlogin,โ or โdashboard,โ helping you quickly identify administrative interfaces or login pages.
Httpx can be used to quickly identify common vulnerabilities and misconfigurations across large numbers of targets. While itโs not a full vulnerability scanner, it can detect certain issues that indicate potential security problems.
For example, letโs probe for specific paths that might indicate vulnerabilities or interesting endpoints:
kali > httpx -l targets.txt -path โ/admin,/login,/.git,/backup,/.envโ
The -path flag, as the name suggests, tells httpx to probe specific paths on each target.
Another useful technique is probing for different HTTP methods:
kali > httpx -l targets.txt -sc -method -x all
In the command above, the -method flag is used to display HTTP request method, and -x all to probe all of these methods.
Traditional HTTP probing tools are too slow and limited for the kind of large-scale reconnaissance that modern bug bounty and pentesting demands. Httpx provides a fast, flexible, and powerful solution thatโs specifically designed for security researchers who need to quickly analyze hundreds or thousands of web targets while extracting comprehensive information about each one.
In this article, we covered how to install httpx, basic and advanced usage examples as well as shared ideas on how httpx might be used for vulnerability detections. This tool really fast and can significantly boost your productivity whether youโre conducting bug bounty hunting or web app security testing. Check this out, maybe it will find a place in your cyberwarriors toolbox.
In this article, let us discuss what Bug Bounty is and how to get started with Bug Bounty as a complete beginner. This article willย guide you on where to start, how to learn and how to earn
I have been a bug bounty hunter for a while. Of course, Iย got some certifications for reporting critical bugs to companies and some bounties, too; I will share my journey, how I got into bug bounty, where I started, and some valuable tips and resources you can learn effectively.
Hello there, In this tutorial, we will be discussing how to install and use Sqlmap in termux
apt update
thenย
apt upgradeย
thenย
pkg install pythonย
thenย
pkg install gitย
git cloneย https://github.com/sqlmapproject/sqlmap.git
cd sqlmap
python sqlmap.py -u "htttp://127.0.0.1/page.php?id=1" --batch
In this article, I will share the best bug bounty tools I personally use as a Bug bounty hunter.
Of course, hundreds of tools exist for Professional pentesting or Bug bounty. Maybe you might be familiar with the tools,
as Bug bounty hunters, we are always curious to test new tools that save our maximum time and give the best results
Most of the targets are protected by some kind ofย Web application firewalls. We have to detect the WAF and bypass it for maximum impact,ย
Here are the tools I use for WAF detection
Today In this post, I will be sharing a unique writeup on SQL injection with Authorization Headers token.
A little bit intro to Authorization Tokens,
=> An Authorization token is generated and signed by the servers and is used to verify the users by unique tokens.ย
=> After the successful login, the server sends an authorization token, and web developers often store it in the browser's local storage or session storage.ย
=> Modern Websites use JWT(JSON Web Tokens) for User Authorization. It doesn't mean that each Authorization token is JWT. It depends on the backend and the Framework that the website uses,
Without wasting time, let's jump into the story
I am not a regular Bug Bounty hunter. You can say I am a seasonal Bug bounty hunter. I was bored and tried to search for some private bug bounty programs through google dorks, And Randomly selected a program for hunting. I did not do basic recon like Subdomain enumeration or any Dorking as I started with the main target.
For me, it was a typical day. I just fired up the Burp suite and opened the target site. as per the company policy, I am unwilling to reveal the target.
With the help of the Wappalyzer Plugin, I have noticed that the target runs on PHP. For me, PHP is vulnerable by nature. As a Web developer, I have plenty of experience building websites in PHP and fixing vulnerabilities.
While attacking targets, I have a practice of directory brute-forcing and checking the robots.txt file at the initial stage of my recon process.
I used Dirsearch to find the hidden directories, but no luck. I did not get anything fishy other than the admin page.
I tried Opening the admin page by visiting target/admin/
But No Luck it throws an error 403 Forbidden
I did not give up too quickly, again tried to Fuzz inside the admin page using Dirsearch. Thisย time events page got 200 responses.
Without any delay, I have opened the page target/admin/events/ย
I have noticed that the page is a regular login page, where it has two ways to log in, one for the author and another for the super admin
The post Carolin Solskรคr answers Detectify Crowdsource FAQs appeared first on Detectify Blog.
Bug bounty programs have made collaborating with hackers more acceptable, but these only benefit one company at a time. We want to make hacking scalable.ย
The post Detectify Crowdsource โ Not Your Average Bug Bounty Platform appeared first on Detectify Blog.
The post Detectify Crowdsource monthly recap | July 2017 appeared first on Detectify Blog.
Login